Re: [OpenAFS] Migrating away from single DES

2020-09-16 Thread r. l.
I am using openafs-1.8.6 on SL-6.10/Centos-6.10. I just rekeyed successfully. The docs in OpenAFS lead to some rxkad.keytab for some Openafs-1.6.x (around year 2013). After creating such a file, one needs to apply 'akeyconvert', which transfers the heart of it to the file KeyFileExt which

Re: [OpenAFS] Migrating away from single DES

2020-09-15 Thread Jeffrey E Altman
Hi Rainer, The DES only limitation of the afs/cell@REALM service principal was removed in the 2013 release of OpenAFS 1.4.15 and 1.6.5. Since those releases neither the server ticket key nor the session key are restricted to the des-cbc-crc encryption type. All cells should be upgraded to curren

Re: [OpenAFS] Migrating away from single DES

2020-09-15 Thread r. l.
The simplest solution: use gssklog of D.E.Engert. The token then comes from an AFS vlservers KeyFile and not from an entry afs/**@*** in some krb5kdc. Just run some gssklogd and switch from aklog to gssklog in your profiles. Some time ago, even CERN.ch used it. The original tarfile can s

Re: [OpenAFS] Migrating away from single DES

2020-09-14 Thread ProbaNet SRLS
On 14/09/20 12:11, Andreas Ladanyi wrote: > Rekey your AFS Server(s). > Have a look at this document: > https://www.openafs.org/pages/security/how-to-rekey.txt > An interesting discussion about "how-to-rekey.txt": > https://openafs-info.openafs.narkive.com/PVFdhGZD/afs-principal-rekeying-instr

Re: [OpenAFS] Migrating away from single DES

2020-09-14 Thread Andreas Ladanyi
Hi Stefano, Rekey your AFS Server(s). Have a look at this document: https://www.openafs.org/pages/security/how-to-rekey.txt An interesting discussion about "how-to-rekey.txt": https://openafs-info.openafs.narkive.com/PVFdhGZD/afs-principal-rekeying-instructions-may-be-incomplete regards,

[OpenAFS] Migrating away from single DES

2020-09-14 Thread ProbaNet SRLS
Hello! Recent releases of krb5 (> 1.18) no longer support single DES encryption (the "allow_weak_crypto = yes" option in krb5.conf client side no longer has any effect), so now we get this error with "aklog -d": --- Kerberos error code returned by get_cred : -1765328370 aklog: Couldn't get X